an administrative subpoena or investigative demand or other written request from a law enforcement official * To respond to a request for PHI for purposes of identifying or locating a suspect, fugitive, material witness or missing person; but the covered entity must limit disclosures of PHI to name and address, date and place of birth, social security number, ABO blood type and rh factor, type of injury, date and time of treatment, date and time of death, and a description of distinguishing physical characteristics.
* If expressly authorized by law, and based on the exercise of professional judgment, the report is necessary to prevent serious harm to the individual or others, or in certain other emergency situations. Notice to the individual of the report may be required.
* To report PHI to law enforcement when required by law to do so .For example, state laws commonly require health care providers to report incidents of gunshot or stab wounds, or other violent injuries; and the Rule permits disclosures of PHI as necessary to comply with these laws.
* To alert law enforcement to the death of the individual, when there is a suspicion that death resulted from criminal act. Information about a decedent may also be shared with medical examiners or coroners to assist them in identifying the decedent, determining the cause of death, or to carry out their other authorized …show more content…
duties.
* To report PHI that the covered entity in good faith believes to be evidence of a crime that occurred on the covered entity’s premises. * When responding to an off-site medical emergency, as necessary to alert law enforcement about criminal activity, specifically, the commission and nature of the crime, the location of the crime or any victims, and the identity, description, and location of the perpetrator of the . * When consistent with applicable law and ethical standards; to a law enforcement official reasonably able to prevent or lessen a serious and imminent threat to the health or safety of an individual or the public.
One way the Privacy Rule protects the privacy of PHI is by generally giving individuals the opportunity to agree to the uses and disclosures of their PHI by signing an Authorization form for uses and disclosures not otherwise permitted by the Rule.
The Privacy Rule establishes the right of an individual, such as a research subject, to authorize a covered entity to use and disclose his/her PHI for research purposes. This requirement is in addition to the informed consent to participate in research required under the HHS Protection of Human Subjects Regulations and other applicable Federal and State law. An Authorization differs from an informed consent in that an Authorization focuses on privacy risks and states how, why, and to whom the PHI will be used and/or disclosed for research. An informed consent, on the other hand, provides research subjects with a description of the study and of its anticipated risks and/or benefits, and a description of how the confidentiality of records will be protected, among other things. An Authorization can be combined with an informed consent document or other permission to participate in
research.
Among other limited purposes, a covered entity may use or disclose PHI without an Authorization, as follows:
* To the extent the use or disclosure is required by law and complies with, and is limited to, the relevant requirements of such law. For example, a covered entity may disclose, without Authorization, PHI to cancer registries if the disclosure (or reporting) is required by law. * For disclosure to a public health authority that is authorized by law to collect or receive the information for purposes of preventing or controlling disease, injury, or disability. * To a person subject to the jurisdiction of the FDA with respect to an FDA-regulated product or activity for which that person has responsibility, for purposes related to the quality, safety, or effectiveness of the FDA-regulated product or activity.
A government agency may obtain and use PHI and does not need written authorization from the patient for the following reasons: * Medicaid * Medicare * Military and veterans activities * Armed forces personnel * National security and intelligence activities * Protective services for the president and others * Medical suitability determinations * Correctional institutions for the provision of health care
Written authorization from a patient is required for PHI in the following situations and must be signed by the patient before it can be released: * Attorney request * Employers * Government Agencies * Health care providers that did not initially care for the patient * Internal revenue services * Law enforcement * HIV information * Marketing communication * Patient or patient representative * Research that includes treatment of an individual * Third party payers * Worker’s compensation carriers
In regards to privacy safeguard principles I do not feel that they are adequately supported. There is too much access to our personal information and I do not feel that it should be given out to freely and without disregard to the patient’s privacy. Written permission should be obtained by the patient in all circumstances, or at least written notice that their information has been given out. The information in some instances is acceptable to me like when there is a crime committed or if there is a disease that is not able to be cured and is highly contagious is the only reasons that I can understand information being given out, but it should be sent in writing to the patient. So I would have to say that I do not agree that there are adequate safeguards to patient’s health information for that matter. It would seem to me that really there is no reason to feel safe when information of a patient is taken by a physician and that as soon as information is entered into the system it is easily accessed by other agencies.